[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Usage of CRL Issuing Distribution Point

To: "'Stephen Kent'" <kent@xxxxxxx>, Trevor Freeman <trevorf@xxxxxxxxxxxxx>
Subject: RE: Usage of CRL Issuing Distribution Point
From: Santosh Chokhani <chokhani@xxxxxxxxxxxx>
Date: Fri, 19 Feb 1999 15:16:42 -0500
Cc: "'ietf-pkix@xxxxxxx'" <ietf-pkix@xxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxx

In addition, the relying party must validate the contents of the Issuing
DP (which is within the signed envelope of the CRL) against the contents
of the CDP (which is in the signed envelop of the certificate).  The
specific validation rules (once again at the risk of being redundant)
are listed in the Annex M of the X.509 9/98 PDAM.

> -----Original Message-----
> From:	Stephen Kent [SMTP:kent@bbn.com]
> Sent:	Friday, February 19, 1999 9:56 AM
> To:	Trevor Freeman
> Cc:	'ietf-pkix@imc.org'
> Subject:	RE: Usage of CRL Issuing Distribution Point
> 
> Trevor,
> 
> Yes, this message thread certainly does seem to have become confused.
> Hopefully we now agree that inclusion of a CDP extension in a cert
> allows a
> relying party to determine whether it has the right CRL for the cert
> in
> question, subject to the usual CRL validation processes.  Note that,
> in
> this case, the relying party does not care whether there are multiple
> CRLs
> or not, since the the CDP extension provided the necessary pointer.
> 
> Steve

Prev by Date: RE: CMC Comments?
Next by Date: RE: Comments to Qualified Certificates draft
Previous by thread: RE: Usage of CRL Issuing Distribution Point
Next by thread: Re: Usage of CRL Issuing Distribution Point
Index(es):
- Date
- Thread